Multiple vulnerabilities in Cisco Email and Web Appliances
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2022-20867 CVE-2022-20868 |
| CWE-ID | CWE-89 CWE-321 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Cisco AsyncOS for Cisco Email Security Appliance Server applications / IDS/IPS systems, Firewalls and proxy servers Cisco AsyncOS for Web Security Appliances Server applications / IDS/IPS systems, Firewalls and proxy servers |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) SQL injection
EUVDB-ID: #VU68965
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-20867
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the next-generation UI management interface. A remote privileged user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco AsyncOS for Cisco Email Security Appliance: 14.2.0 - 14.3.0
CPE2.3- cpe:2.3:a:cisco_systems:cisco_asyncos_for_cisco_email_security_appliance:14.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_asyncos_for_cisco_email_security_appliance:14.3.0:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasmawsa-vulns-YRuSW5mD
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc12181
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc12185
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use of Hard-coded Cryptographic Key
EUVDB-ID: #VU68966
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-20868
CWE-ID:
CWE-321 - Use of Hard-coded Cryptographic Key
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges on the device.
The vulnerability exists due to usage of a hard-coded value to encrypt a token that is used for certain API calls. A remote user can send a specially crafted HTTP request to the next-generation UI management interface, impersonate another valid user and execute commands with the privileges of that user account.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCisco AsyncOS for Cisco Email Security Appliance: before 14.2.1-015
Cisco AsyncOS for Web Security Appliances: before 14.2.0-217
CPE2.3- cpe:2.3:a:cisco_systems:cisco_asyncos_for_cisco_email_security_appliance:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:cisco_asyncos_for_web_security_appliances:*:*:*:*:*:*:*:*
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esasmawsa-vulns-YRuSW5mD
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc12183
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwc12186
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
